When using SSL factories with RMI the client will hang forever if the server
doesn't have a keystore.
I have attached a small test to reproduce this (see attached gziped tar file):
----------------------------------------------------------------------------
This is the Hello SSL/RMI example modified as follows:
1) HelloImpl main() is modified so that it does not exit
2) The RMI registry is expected to be started on port 7777
3) The RMI SSL Server Factory is modified to call
SSLServerSocketFactory.getDefault() (instead of SSLContext.init())
4) I have added a keystore and a trustore in the ssl subdirectory.
The password for the keystore is "password", the password for
the truststore is "trustword"
To reproduce the bug:
Compile *.java
Open two terminal windows
Start the server in one of them (ksh):
java -classpath . -Djava.security.policy=$(pwd)/policy HelloImpl
Start the client in the other (ksh):
java -classpath . -Djava.security.policy=$(pwd)/policy -Djavax.net.ssl.trustStore=$(pwd)/ssl/truststore -Djavax.net.ssl.trustStorePassword="trustword" HelloClient
Bug description:
The client hangs forever (it hangs until the server is stopped).
The server has been started with no keystore (no -Djavax.net.ssl.keyStore
and no -Djavax.net.ssl.keyStorePassword).
I was expecting the client to fail to connect with a "connection refused"
or "authentication failed" exception.
Instead it hangs forever.
----------------------------------------------------------------------------
doesn't have a keystore.
I have attached a small test to reproduce this (see attached gziped tar file):
----------------------------------------------------------------------------
This is the Hello SSL/RMI example modified as follows:
1) HelloImpl main() is modified so that it does not exit
2) The RMI registry is expected to be started on port 7777
3) The RMI SSL Server Factory is modified to call
SSLServerSocketFactory.getDefault() (instead of SSLContext.init())
4) I have added a keystore and a trustore in the ssl subdirectory.
The password for the keystore is "password", the password for
the truststore is "trustword"
To reproduce the bug:
Compile *.java
Open two terminal windows
Start the server in one of them (ksh):
java -classpath . -Djava.security.policy=$(pwd)/policy HelloImpl
Start the client in the other (ksh):
java -classpath . -Djava.security.policy=$(pwd)/policy -Djavax.net.ssl.trustStore=$(pwd)/ssl/truststore -Djavax.net.ssl.trustStorePassword="trustword" HelloClient
Bug description:
The client hangs forever (it hangs until the server is stopped).
The server has been started with no keystore (no -Djavax.net.ssl.keyStore
and no -Djavax.net.ssl.keyStorePassword).
I was expecting the client to fail to connect with a "connection refused"
or "authentication failed" exception.
Instead it hangs forever.
----------------------------------------------------------------------------
- relates to
-
JDK-5060475 Remove SSL checks in ConnectorBootstrap.
-
- Resolved
-